December 13th, 2021
Log4J vulnerability (CVE-2021-4428)
The major news item over the December 11, 2021 weekend was the report that a critical vulnerability was uncovered in the widespread Log4J logging module. This report had everyone scrambling to find out if their systems were impacted by the issue. Because the exploit allows hackers to execute code remotely on a server, thousands of web sites had to be shut down preventively.
Objectif Lune has run an audit of its own software products to determine if they are vulnerable to this attack. We are pleased to report that none of our current products are exposed to the attack.
Some of our customers have reported that their IT teams have found references to the Log4J module in the various folder structures used by our products. These references must not be interpreted as a sign that the module is being used. For instance, the log4j.over.slf4j module simply indicates that any Log4J usage is being redirected to the Slf4J logging framework, which is unaffected by the vulnerability.
To check your version of OL Connect without having to open the application, open a Command Line window (CMD) and copy/paste the following command, then press Enter:
wmic datafile where name="C:\Program Files\Objectif Lune\OL Connect\Connect Server\ServerService.exe" get Version /value
Tagged in: CVE-2021-4428, Log4J, Vulnerability
Receive exclusive OL products news, tips and resources.
Your email address will not be published. Required fields are marked *
November 24th, 2021
Starting with OL Connect 2020.2, OL Connect Server allows role-based authorization and multiple users. In this article, we explore what this looks like for this first cut on improving security for the OL Connect Server.